Blog-App-Buffalo icon indicating copy to clipboard operation
Blog-App-Buffalo copied to clipboard

Published 20 hours ago verified publisher icon mikaelm1

CSRF token not found in request

Open wwaldbu opened this issue 7 years ago • 7 comments

I followed your tutorial and loved the in-depth explanation, however, I can't seem to get the CSRF token generating. I am right at the spot where a user should be able to register.

Would love to figure out what I am doing wrong. I really love this framework!

screen shot 2018-01-30 at 8 26 48 pm

wwaldbu avatar Jan 31 '18 01:01 wwaldbu

Thanks for checking out my tutorial!

Did you add the <%= csrf() %> template helper inside the register form? The details of this template helper function is located towards the end of the "Register Users" section of the tutorial.

mikaelm1 avatar Jan 31 '18 02:01 mikaelm1

Yes, I just double checked and my code all matches yours. Any other ideas? The only thing I changed was using a Postgres database instead of SQLite.

wwaldbu avatar Jan 31 '18 02:01 wwaldbu

This could possibly be the issue https://github.com/gobuffalo/buffalo/issues/886

wwaldbu avatar Jan 31 '18 03:01 wwaldbu

The database and the csrf token are not related, so using Postgres should not matter. I can also see in your stack trace that a csrf token exists in the request's context. This indicates to me that the csrf token that is in the context does not match the one found in the form. And it looks like Buffalo has an open issue (https://github.com/gobuffalo/buffalo/issues/886) that looks similar to what you're seeing. Maybe try using an incognito browser or manually clearing any cookies and session data. Also, another thing is that the token inside the Form seems to be wrong. Your stack trace is showing it's value as <%= authenticity_token %> but it should actually be the value of the authenticity_token in your Context object. My guess is that it's either a problem with the template helper function or an issue with buffalo. Make sure you have all the quotes and back slashes correct in the helper function:

"csrf": func() template.HTML {
	return template.HTML("<input name=\"authenticity_token\" value=\"<%= authenticity_token %>\" type=\"hidden\">")
},

mikaelm1 avatar Jan 31 '18 03:01 mikaelm1

Just tried all those potential solutions and recopied the template helper function. Still getting the same error. Guess I will try some tests to see if I can get a simple form post working properly and follow the issue on Github to see if a solution comes about. Very excited to start contributing to this project!

wwaldbu avatar Jan 31 '18 03:01 wwaldbu

I've just started to learn GoLAng & Buffalo with your tutorial, and stumbled upon the same error as above.

For a quick fix, in the register.html file, instead of <%= csrf() %> insert straight the <input name="authenticity_token" value="<%= authenticity_token %>" type="hidden"> tag, and the auth token will be in its place. Of course now we are not using the helper, but for the tutorial... And just for the stats, I'm using Buffalo version v0.12.1 with postgres database.

Pena86 avatar Jun 24 '18 04:06 Pena86

I had the same issue. My fix is not elegant, but works for register.html and login.html: use nstead of <%= csrf() %> opps, didn't see Pena86's comment :)

Prounckk avatar Oct 09 '18 05:10 Prounckk